From 8d2398a2185708c010b088d65ea50cb8e515177c Mon Sep 17 00:00:00 2001
From: catalinamanolache
Date: Sat, 10 May 2025 12:11:56 +0300
Subject: [PATCH 1/3] chapters/exploitation-techniques: Handle 07-challenge-shellcode-on-stack Docker setup and automation Added the following files to help with automation: 1. A Dockerfile containing two stages: build and runtime 2. A run.sh script which the student can run to handle the docker process 3. A README.md file which depicts the usage of the previous components. Signed-off-by: catalinamanolache
--- .../sol/README.md | 12 ++++++++ .../sol/run.sh | 19 +++++++++++++ .../src/Dockerfile | 28 +++++++++++++++++++ 3 files changed, 59 insertions(+) create mode 100644 chapters/exploitation-techniques/shellcodes/drills/07-challenge-shellcode-on-stack/sol/README.md create mode 100755 chapters/exploitation-techniques/shellcodes/drills/07-challenge-shellcode-on-stack/sol/run.sh create mode 100644 chapters/exploitation-techniques/shellcodes/drills/07-challenge-shellcode-on-stack/src/Dockerfile
diff --git a/chapters/exploitation-techniques/shellcodes/drills/07-challenge-shellcode-on-stack/sol/README.md b/chapters/exploitation-techniques/shellcodes/drills/07-challenge-shellcode-on-stack/sol/README.md
new file mode 100644
index 0000000..2aae072
--- /dev/null
+++ b/chapters/exploitation-techniques/shellcodes/drills/07-challenge-shellcode-on-stack/sol/README.md
@@ -0,0 +1,12 @@
+### Building and running
+
+**Running challenge**
+Make sure you are in the `sol` directory and run the following command:
+
+```bash
+./run.sh
+```
+This will build the `challenge07` docker and run it. Afterwards, the `vuln`
+executable will be copied to the `sol` directory and the `exploit.py` script
+will be executed.
+Cleanup will be done automatically after the script is finished.
\ No newline at end of file
diff --git a/chapters/exploitation-techniques/shellcodes/drills/07-challenge-shellcode-on-stack/sol/run.sh b/chapters/exploitation-techniques/shellcodes/drills/07-challenge-shellcode-on-stack/sol/run.sh
new file mode 100755
index 0000000..9fb2ccf
--- /dev/null
+++ b/chapters/exploitation-techniques/shellcodes/drills/07-challenge-shellcode-on-stack/sol/run.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+# Build the Docker image from the correct directory
+cd ..
+docker build -f src/Dockerfile -t challenge07 .
+
+# Run container in background
+docker run -d --name challenge07 -p 31345:31345 challenge07
+
+# Copy the binary from the container for local analysis
+docker cp challenge07:/app/vuln sol/vuln
+
+# Navigate to the sol directory and run the exploit
+cd sol
+python3 exploit.py
+
+# Cleanup: Remove the local copy of the binary and stop the container
+rm -f vuln
+docker stop challenge07
+docker rm -f challenge07
\ No newline at end of file
diff --git a/chapters/exploitation-techniques/shellcodes/drills/07-challenge-shellcode-on-stack/src/Dockerfile b/chapters/exploitation-techniques/shellcodes/drills/07-challenge-shellcode-on-stack/src/Dockerfile
new file mode 100644
index 0000000..c9e39bb
--- /dev/null
+++ b/chapters/exploitation-techniques/shellcodes/drills/07-challenge-shellcode-on-stack/src/Dockerfile
@@ -0,0 +1,28 @@
+# Build Stage
+FROM gcc AS builder
+WORKDIR /build
+
+# Copy only the content from the src directory
+COPY src/ .
+
+RUN make
+
+# Runtime Stage
+FROM python:3.9-slim
+WORKDIR /app
+
+RUN apt-get update && \
+ apt-get install -y --no-install-recommends binutils cpp && \
+ rm -rf /var/lib/apt/lists/* && \
+ pip install --no-cache-dir pwntools
+
+ENV TERM=xterm
+
+COPY --from=builder /build/vuln /app/vuln
+COPY sol/exploit.py /app/exploit.py
+
+# Expose port 31345
+EXPOSE 31345
+
+# Run the vulnerable binary
+CMD ["/app/vuln"]
\ No newline at end of file
From 516d91183dac7cb7869c9bd5eca28a32f1b1c958 Mon Sep 17 00:00:00 2001
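Review bot: `docker run -d --name challenge07 -p 31345:31345 challenge07` publishes the deliberately exploitable service on every host interface, so any host on the student's network can reach the shell this challenge hands out while the script runs; bind it to loopback with `-p 127.0.0.1:31345:31345`. The script has no `set -e` and the cleanup at the end is unconditional, so a failed `cd ..` or `docker build` still proceeds to `docker run`, `docker cp` and `python3 exploit.py`, and an exploit that hangs or errors leaves the container and the copied `vuln` behind. Anchoring the working directory on the script's own location, failing fast, and moving cleanup into an `EXIT` trap fixes all three. `exploit.py` is started immediately after the detached `docker run` with no wait for the listener, so it may race `vuln` binding the port (inferred; the binary is not in this patch).
```bash
#!/bin/bash
set -euo pipefail
root="$(cd "$(dirname "$0")/.." && pwd)"
cd "$root"

cleanup() {
    rm -f "$root/sol/vuln"
    docker stop challenge07 >/dev/null 2>&1 || true
    docker rm -f challenge07 >/dev/null 2>&1 || true
}
trap cleanup EXIT

docker build -f src/Dockerfile -t challenge07 .
# Loopback only: the container is intentionally exploitable.
docker run -d --name challenge07 -p 127.0.0.1:31345:31345 challenge07
docker cp challenge07:/app/vuln sol/vuln
# … unchanged: cd sol; python3 exploit.py …
```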
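Review bot: The runtime stage never leaves root, so the shellcode this challenge is designed to inject runs as uid 0 inside the container with Python, pwntools, `binutils` and `cpp` at its disposal; add an unprivileged account before `CMD`, e.g. `RUN useradd --system --no-create-home --uid 10001 ctf` followed by `USER ctf` (31345 is an unprivileged port, so the bind still works). `FROM gcc AS builder` carries no tag, so the binary is compiled by whatever `gcc:latest` is on the day the student builds, and a compiler change can shift the stack layout the exploit's offsets depend on; pin it, e.g. `FROM gcc:14 AS builder`. `COPY sol/exploit.py /app/exploit.py` bakes the solution into the challenge image and the unpinned `pip install --no-cache-dir pwntools` adds a large, non-reproducible toolchain to an image whose `CMD` only runs `/app/vuln` — if this image is ever distributed to students, both belong outside it. Whether `vuln` itself listens on 31345 or expects a socket wrapper is not visible in this patch.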
From: =?UTF-8?q?C=C4=83t=C4=83lina=20Manolache?=
Date: Sat, 17 May 2025 16:40:26 +0300
Subject: [PATCH 2/3] exploitation-techniques: Add Dockerfile 07-challenge-shellcode-on-stack
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Updated the Dockerfile for the shellcode-on-stack challenge to properly build and run the vulnerable binary, ensuring it works correctly in the Docker environment and listens on port 31345. Signed-off-by: Cătălina Manolache
--- .../drills/07-challenge-shellcode-on-stack/src/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/chapters/exploitation-techniques/shellcodes/drills/07-challenge-shellcode-on-stack/src/Dockerfile b/chapters/exploitation-techniques/shellcodes/drills/07-challenge-shellcode-on-stack/src/Dockerfile
index c9e39bb..84ae4f5 100644
--- a/chapters/exploitation-techniques/shellcodes/drills/07-challenge-shellcode-on-stack/src/Dockerfile
+++ b/chapters/exploitation-techniques/shellcodes/drills/07-challenge-shellcode-on-stack/src/Dockerfile
@@ -25,4 +25,4 @@ COPY sol/exploit.py /app/exploit.py
 EXPOSE 31345
 # Run the vulnerable binary
-CMD ["/app/vuln"]
\ No newline at end of file
+CMD ["/app/vuln"]
From c3975a119403b8e34bdb0e1453c36b455d5bf4a9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C4=83t=C4=83lina=20Manolache?=
Date: Sat, 17 May 2025 16:50:45 +0300
Subject: [PATCH 3/3] exploitation-techniques: Add Makefile and README.md
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Added the following files: 1. A Makefile which the student can use to handle the docker process. 2. A README.md file which depicts the usage of the previous component. Signed-off-by: Cătălina Manolache
--- .../sol/Makefile | 23 ++++++++++++++++ .../sol/README.md | 27 +++++++++++++------ 2 files changed, 42 insertions(+), 8 deletions(-) create mode 100644 chapters/exploitation-techniques/shellcodes/drills/07-challenge-shellcode-on-stack/sol/Makefile
diff --git a/chapters/exploitation-techniques/shellcodes/drills/07-challenge-shellcode-on-stack/sol/Makefile b/chapters/exploitation-techniques/shellcodes/drills/07-challenge-shellcode-on-stack/sol/Makefile
new file mode 100644
index 0000000..fcac47e
--- /dev/null
+++ b/chapters/exploitation-techniques/shellcodes/drills/07-challenge-shellcode-on-stack/sol/Makefile
@@ -0,0 +1,23 @@
+PORT ?= 31345
+IMG_NAME ?= challenge07
+CONT_NAME ?= $(IMG_NAME)-container
+
+build:
+ cd .. && docker build -f src/Dockerfile -t $(IMG_NAME) .
+
+run: stop build
+ docker run -d --rm -p $(PORT):31345 --name $(CONT_NAME) -t $(IMG_NAME)
+ docker cp $(CONT_NAME):/app/vuln ./vuln
+
+exploit: run
+ python3 exploit.py
+
+stop:
+ -docker stop $(CONT_NAME) 2>/dev/null || true
+ -docker rm -f $(CONT_NAME) 2>/dev/null || true
+ -rm -f ./vuln 2>/dev/null || true
+
+clean: stop
+ @echo "Cleanup complete"
+
+.PHONY: build run exploit stop clean
diff --git a/chapters/exploitation-techniques/shellcodes/drills/07-challenge-shellcode-on-stack/sol/README.md b/chapters/exploitation-techniques/shellcodes/drills/07-challenge-shellcode-on-stack/sol/README.md
index 2aae072..e54135f 100644
--- a/chapters/exploitation-techniques/shellcodes/drills/07-challenge-shellcode-on-stack/sol/README.md
+++ b/chapters/exploitation-techniques/shellcodes/drills/07-challenge-shellcode-on-stack/sol/README.md
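Review bot: `docker run -d --rm -p $(PORT):31345 --name $(CONT_NAME) -t $(IMG_NAME)` publishes the intentionally vulnerable service on all host interfaces, so anyone on the same LAN can take the shell this drill hands out; bind it to loopback, `-p 127.0.0.1:$(PORT):31345`. `-t` allocates a pseudo-TTY for a detached network service, which is unusual — if it is there to keep `vuln` alive on stdin it deserves a comment, otherwise drop it. `run.sh` from the first patch is still in `sol/` and uses a different container name (`challenge07` versus `$(IMG_NAME)-container`), so `make stop`/`make clean` will not remove a container started by `run.sh` and vice versa; delete the script or have the README say which driver is canonical. The `stop` recipe suppresses errors three ways at once (`-` prefix, `2>/dev/null`, `|| true`); `-docker stop $(CONT_NAME) 2>/dev/null` is enough for make to keep going. `exploit: run` executes `python3 exploit.py` straight after the detached `docker run` with no readiness wait, so the exploit may connect before `vuln` is listening (inferred; the binary is not in this patch).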
@@ -1,12 +1,23 @@
 ### Building and running
-**Running challenge**
-Make sure you are in the `sol` directory and run the following command:
+**Using the provided Makefile**
-```bash
-./run.sh
+Make sure you are in the `sol` directory and run the following commands:
+
+```console
+# Build the Docker image
+make build
+
+# Run the container and copy the binary
+make run
+
+# Execute the exploit
+make exploit
+
+# Clean up when finished
+make clean
 ```
-This will build the `challenge07` docker and run it. Afterwards, the `vuln`
-executable will be copied to the `sol` directory and the `exploit.py` script
-will be executed.
-Cleanup will be done automatically after the script is finished.
\ No newline at end of file
+
+The Makefile automates the process of building the Docker image, running the
+container, copying the binary and executing the exploit script.
+The `make clean` command will remove all resources when you're done.